6 May
2025
6 May
'25
2:50 a.m.
On Mon, May 05, 2025 at 07:42:01AM +0000, Windl, Ulrich wrote:
The ide was to provide an alternate DN, but maybe it does not work the way I thought. I saw this example in https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c96b5...: F=John Smith+F=David Jones, OU=Users,DC=Fabrikam,DC=com
Hi Ulrich, that example is contrary to RFC4512 section 2.2 around the end[0].
Actually if you read the link you provided, AD's own implementation is much stricter and doesn't support multivalued rDNs at all and the example you give is specifically listed as "disallowed"!
[0]. https://www.rfc-editor.org/rfc/rfc4512#section-2.2
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP